Citrix has released patches for critical- and high-severity vulnerabilities in NetScaler and Secure Access Client and Workspace for Windows.
June 18, 2025 By Ionut Arghire
Citrix on Tuesday announced patches for four vulnerabilities across three products, including a critical-severity issue in NetScaler ADC and NetScaler Gateway.
The critical flaw, tracked as CVE-2025-5777 (CVSS score of 9.3), is described as an out-of-bounds memory read caused by insufficient input validation.
Only NetScaler deployments configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as Authentication, Authorization, and Accounting (AAA) virtual server are affected, Citrix explains in its advisory.
The flaw was addressed in NetScaler ADC versions 14.1-43.56, 13.1-58.32, 13.1-FIPS and 13.1-NDcPP 13.1-37.235, and 12.1-FIPS 12.1-55.328, and in NetScaler Gateway versions 14.1-43.56 and 13.1-58.32.
The updates also address CVE-2025-5349, a high-severity improper access control issue in the NetScaler Management Interface.
Citrix warns that NetScaler ADC and Gateway versions 12.1 and 13.0, which have been discontinued, are affected by these vulnerabilities too, urging customers to upgrade to a supported iteration as soon as possible.
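As an added example for inventory triage (not code from the article or from Citrix), the following parses a NetScaler version banner and compares it against the fixed builds listed above, treating the discontinued 12.1 and 13.0 branches as affected with no fix. The banner layout (`NetScaler NS14.1: Build 43.56.nc`) and the `variant` labels for FIPS/NDcPP builds are assumptions.

```python
import re

# Fixed builds as reported in the article, keyed by (branch, variant);
# "std" is the regular ADC/Gateway build line.
FIXED_BUILDS = {
    ("14.1", "std"): (43, 56),
    ("13.1", "std"): (58, 32),
    ("13.1", "fips"): (37, 235),
    ("13.1", "ndcpp"): (37, 235),
    ("12.1", "fips"): (55, 328),
}
# Discontinued branches the article says are still affected; no fix is listed.
EOL_BRANCHES = {"12.1", "13.0"}

# Assumed banner layout, e.g. "NetScaler NS14.1: Build 43.56.nc, Date: ..."
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(banner):
    """Return (branch, (build, minor)) from a version banner (constructed format)."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised version banner: {banner!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(banner, variant="std", gateway_or_aaa=True):
    """Classify one appliance against the advisory.

    gateway_or_aaa: whether a Gateway (VPN, ICA Proxy, CVPN, RDP Proxy) or AAA
    virtual server is configured, the precondition the article gives for
    CVE-2025-5777. CVE-2025-5349 (management interface) is treated as applying
    to any unpatched build.
    """
    branch, build = parse_version(banner)
    fixed = FIXED_BUILDS.get((branch, variant))
    if fixed is None:
        # 12.1 (non-FIPS) and 13.0 have no fixed build: migrate to a supported branch.
        return "eol-affected" if branch in EOL_BRANCHES else "unknown-branch"
    if build >= fixed:
        return "patched"
    return "vulnerable-critical" if gateway_or_aaa else "vulnerable-high"
```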